This Thanksgiving I'm Thankful for Government Regulation

Now, don't let the title fool you, I am a firm believer that government is a corrupt
money suck. But occasionally the blind squirrel that is government finds a
nut. The nut in this case is privacy regulation. You have probably heard
acronyms like CCPA and GDPR but might not be too familiar with what they are.
The California Consumer Privacy Act (CCPA) and General Data Protection
Regulation (GDPR) are both milestones in the struggle for consumer rights.
When you cut down the endless pages of nuance and typical government babel, it
breaks down into rights.

The CCPA outlines the right to know, right to delete, right to opt-out, and right to
non-discrimination. The right to know is how it sounds. It gives consumers the
right to know what information a business collects and how it is used or
shared. The right to delete means that consumers have the right to request that
data pertaining to them be deleted. This one has some exceptions. Some data is
required to be kept in accordance with other regulations, but some personally
identifiable information (PII) needs to be kept on record so that proof of
deletion can be provided. The third right, opting out, gives consumers
the right to opt-out of their data being sold to third parties. In my opinion,
this right is mostly useless as it relates to large companies. Amazon, for
example, has its fingers in everything from consumer products to web services.
This means that there is no need for your information to be sold to a third
party for Amazon to email you deals on products you only discussed with your
spouse in the privacy of your Alexa-riddled home. The final CCPA right is the
right to non-discrimination. Simply put, a company can't discriminate against
you for exercising your CCPA rights.

GDPR contains similar rights to the CCPA but refers to the consumers as data subjects. I will
use them interchangeably because data subject sounds like the object of some
science experiment. The rights include the right to be informed, the right to
access, the right to correct, the right to erase, the right to restrict
processing, the right to portability, and the right to not be subject to
automated decision making. Remember those cookie popups that suddenly appeared on sites
and that you just ignore? Those are a result of the right to know. It requires
consumers to be informed of what data is collected and why before it is
collected. The right to access parallels the right to know in the CCPA, as does
the right to erase with the right to delete. The right to correct means that
consumers have the right to modify incorrect information or add missing
information. Call me old-fashioned, but I would think that someone having wrong
or missing information about me is a good thing, but if you can think of a good
use for that right, feel free to let me know in the comments so I can be
properly shamed. The right to restrict processing is similar to the right to
opt-out. It means that the data subject has the right to block what data is
being used. The right to portability is like the right to know in that it gives
the consumer the right to have a collection of their data delivered to them or
to another controller (business, website, etc.). This would mean that if Granny
decides she wants to ditch Facebook for Instagran, she can submit a request to
Facebook to export her data to provide to Instagran. I say Granny can request
it, but I really mean her tech-savvy grandkids can request it. The right to
object to or restrict processing and the right to not be subject to automatic decision-making
line up with the right to opt out but go further. The consumer can restrict
the ability to use their data for marketing but also prevent automatic algorithms
from being used. I find the right about automatic decision-making to be one of
the most dangerous rights in GDPR. You could be on a wait list for a liver transplant,
but some poorly programmed algorithm says that due to your Irish heritage, you
are too high of a risk. Invoke the right and you get the pleasure of a human
telling you no instead, or I guess telling you yes because they meet with you
and can tell you don't drink. The flip side could be for loan or credit
applications. The automatic processing may see that you don't have a job,
income, and are already in massive debt and deny your application. Invoking
this right could mean you get the loan or credit line that you can't afford, go
deeper in debt, and end up writing a blog from your Granny's basement.

Now that the explanations are out of the way, why does it matter? It matters because as technology advances,
more data is being collected and has the potential to be used in ways we can't
even think of. With regulations like CCPA and GDPR, the governing bodies have
made sure that these rights are protected for current and future situations. There
may come a time when those governing bodies are owned by large companies, but I
would hope that if these regulations are threatened, consumers will fight
to protect them as much as they do their right to bear arms or drink tea (I'm
not from the UK but I assume drinking tea is in their constitution).